tarsnap-keygen
Generate a new tarsnap key
TLDR
Register a machine with the Tarsnap server
Encrypt the key file (a passphrase will be requested twice)
SYNOPSIS
tarsnap-keygen --keyfile <path> --user <email> --machine <name>
PARAMETERS
--keyfile <path>
Specifies the path where the newly generated Tarsnap key file will be saved. This file is crucial for all future Tarsnap operations.
--user <email>
Defines the email address associated with your Tarsnap account. This links the generated key to your user profile on the Tarsnap service.
--machine <name>
Provides a unique identifier for the machine from which backups will be made. This helps differentiate backups originating from various systems under the same Tarsnap user account.
DESCRIPTION
The tarsnap-keygen command is used to generate a new cryptographic key file for the Tarsnap online backup service. This key is fundamental for authenticating with the Tarsnap servers and for encrypting/decrypting your backup data.
When executed, tarsnap-keygen establishes a secure connection with the Tarsnap service to perform a key exchange, associating the generated key with your Tarsnap account and a specific machine identifier. The resulting key file must be kept secure and confidential, as its compromise would allow unauthorized access to your backups, and its loss would prevent you from restoring your data.
CAVEATS
The generated key file is highly sensitive. It must be kept secure and confidential. Loss of this key will make your Tarsnap backups inaccessible, while its compromise would allow unauthorized access to your encrypted data. Back up your key file securely immediately after creation.
The --machine name specified must be unique among all machines associated with your --user account. If you attempt to use a non-unique machine name, tarsnap-keygen will fail.
An active internet connection is required for tarsnap-keygen to communicate with the Tarsnap service during key generation.
KEY SECURITY AND MANAGEMENT
The key file generated by tarsnap-keygen is the master key for your Tarsnap data. It should be stored in a secure location with restricted permissions (e.g., chmod 600). It is highly recommended to make secure, offline backups of this key file immediately after creation. For managing existing keys, including changing machine names or removing keys, the tarsnap-keymgt command is used.
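The checks recommended above (restricted permissions and a verified backup copy) can be scripted. This is an added example, not part of Tarsnap or the original page; the function name check_keyfile, its return codes and the paths in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of Tarsnap): audit a key file and its backup copy.
# Return codes are constructed for this example:
#   0 = ok
#   1 = key missing, a symlink, or not a regular file
#   2 = group or other has some permission on the key
#   3 = key is not owned by the invoking user
#   4 = backup copy missing or not byte-identical
check_keyfile() {
    ck_key=$1
    ck_backup=$2

    # Refuse symlinks so the check applies to the file actually named.
    if [ -L "$ck_key" ] || [ ! -f "$ck_key" ]; then
        return 1
    fi

    # "ls -ldn" prints e.g. "-rw------- 1 1000 1000 ..."; take mode and uid.
    ck_mode=$(ls -ldn "$ck_key" | awk '{print $1}')
    ck_owner=$(ls -ldn "$ck_key" | awk '{print $3}')

    # Characters 5-10 are the group and other bits; chmod 600 leaves "------".
    ck_go=$(printf '%s' "$ck_mode" | cut -c5-10)
    if [ "$ck_go" != "------" ]; then
        return 2
    fi

    if [ "$ck_owner" != "$(id -u)" ]; then
        return 3
    fi

    # The backup must exist and match, or it cannot restore anything.
    if [ ! -f "$ck_backup" ] || ! cmp -s "$ck_key" "$ck_backup"; then
        return 4
    fi
    return 0
}

# Usage (hypothetical paths):
#   check_keyfile /root/tarsnap.key /mnt/offline/tarsnap.key || echo "rc=$?"
```

Run it right after key generation and again whenever the backup medium is rotated; a non-zero return identifies which of the conditions failed.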
HISTORY
tarsnap-keygen is an integral part of Tarsnap, an online backup service created by Colin Percival, a FreeBSD developer and security researcher. Tarsnap was publicly launched in 2008, designed with a strong emphasis on security, efficiency, and robustness. The tarsnap-keygen command has been a core component since the early days, facilitating the secure, cryptographic foundation for user data on the service.
SEE ALSO
tarsnap(1), tarsnap-keymgt(1), tarsnap-decrypt(1)